1. Field of the Invention
The present invention relates in general to the field of secure authentication systems. More particularly, the present invention relates to a user authentication method based on the use of biometric identification techniques, and to a related architecture.
2. Description of the Related Art
Authentication is the process by which an entity, such as a financial institution, a bank, etc., identifies and verifies its customers or users to itself and identifies and verifies itself to its customers or users.
Authentication includes the use of physical objects, such as cards and/or keys, shared secrets, such as Personal Identification Numbers (PINs) and/or passwords, and biometric technologies such as voice prints, photos, signatures and/or fingerprints. Biometric tasks include, for example, an identification task and a verification task. The verification task determines whether or not the person claiming an identity is really the person whose identity has been claimed.
The identification task determines whether the biometric signal, such as a fingerprint, matches that of someone already enrolled in the system.
Various biometrics have been considered for use with smart cards, such as fingerprints, hand prints, voice prints, retinal images, handwriting samples and the like.
An example of a biometric-based smart card is shown in U.S. Pat. No. 5,280,527, which describes a credit-card-sized token (referred to as a biometric security apparatus) containing a microchip in which a sample of the authorised user's voice is stored. In order to gain access to an account, the user must insert the token into a designated slot of an ATM and then speak to the ATM. If a match is found between the user's voice and the enrolled voice sample stored in the microchip, access to the account is granted.
Although the system disclosed in U.S. Pat. No. 5,280,527 reduces the risk of unauthorised access compared with conventional PIN-based systems, to the extent that the credit card and the microchip disposed therein can be tampered with, the system does not provide the level of reliability and security that is often required in today's financial transactions.
In WO-A-0139134 a security system is further disclosed, comprising: a central unit with a biometric sensor to detect biometric data representing characteristic biometric features of a person; at least one portable data carrier; a memory means for storing biometric reference data representing the biometric reference features of the person in the system; a control system capable of generating an authorisation signal to control a functional unit depending on a comparison between the biometric data detected by the sensor and the reference data.
In the security system proposed in that document, the reference data, which are compared with the biometric data detected by the sensor to ascertain the authenticity of the user, are not stored wholly on the data carrier, in the conventional manner, but are split, partly on the data carrier and partly in the reading device. Only the combination of data carrier and reading device will produce the complete information needed for authentication.
The invention is particularly advantageous if the biometric sensor is a fingerprint sensor. A fingerprint sensor determines the locally resolved position of minutiae of the fingerprint. The minutiae are singular points of the papillary lines of a fingerprint. These might be end points, branches or similar points of the papillary lines of the fingerprint. The local position is determined by the distance (radius) from a reference point and by the angle relative to a reference direction.
In order to personalise the data carrier, the fingerprint of the data carrier owner is reproduced and appropriate reference values are determined for radius and angle. These values are then stored in the system. For practical purposes, the radius reference data are stored only on the data carrier and the angle reference data are stored only on the reading device. Alternatively, the angle reference data are stored on the data carrier and the distance reference data are stored on the reading device.
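The split-storage scheme described above, as an added illustration (not code from WO-A-0139134 or from this document): radius values are kept on the data carrier, angle values on the reading device, and a comparison is only possible once both are recombined. The minutiae values, tolerances, threshold and the simple tolerance matcher are assumptions made for the example.

```python
# Constructed enrolment sample: minutiae as (radius, angle in degrees),
# measured from a reference point and a reference direction.
ENROLLED = [(12.0, 15.0), (20.5, 80.0), (33.2, 141.0),
            (18.7, 222.0), (27.9, 305.0), (9.4, 358.0)]
# Constructed live reading of the same finger, with sensor noise.
PROBE = [(12.4, 13.0), (20.0, 82.5), (33.9, 139.0),
         (18.2, 224.0), (28.5, 303.5), (9.0, 2.0)]

def personalise(minutiae):
    """Split reference data: radii to the data carrier, angles to the reader."""
    carrier_share = [r for r, _ in minutiae]
    reader_share = [a for _, a in minutiae]
    return carrier_share, reader_share

def recombine(carrier_share, reader_share):
    """Only both shares together give the complete reference template."""
    if len(carrier_share) != len(reader_share):
        raise ValueError("shares do not belong to the same enrolment")
    return list(zip(carrier_share, reader_share))

def angle_diff(a, b):
    """Smallest absolute difference between two angles (handles 358 vs 2)."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def match_score(reference, probe, r_tol=1.5, a_tol=5.0):
    """Fraction of reference minutiae matched by a distinct probe minutia."""
    unused = list(probe)
    hits = 0
    for r_ref, a_ref in reference:
        for cand in unused:
            if abs(cand[0] - r_ref) <= r_tol and angle_diff(cand[1], a_ref) <= a_tol:
                unused.remove(cand)  # each probe minutia may be used once
                hits += 1
                break
    return hits / len(reference)

def authorise(carrier_share, reader_share, probe, threshold=0.8):
    """Authorisation signal: recombined template must match the live probe."""
    return match_score(recombine(carrier_share, reader_share), probe) >= threshold

if __name__ == "__main__":
    carrier, reader = personalise(ENROLLED)
    print("own reader share:    ", authorise(carrier, reader, PROBE))
    # Constructed angle share from a different enrolment on another reader.
    foreign = [40.0, 110.0, 200.0, 260.0, 330.0, 75.0]
    print("foreign reader share:", authorise(carrier, foreign, PROBE))
```

Each share on its own still discloses one coordinate of every minutia, so this is a storage split rather than cryptographic secret sharing.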